2024-06-09 08:41:24 -04:00
|
|
|
"""A collection of helper functions for the interaction with Ghidra."""
|
|
|
|
|
|
|
|
import logging
|
2024-08-29 14:54:23 -04:00
|
|
|
import re
|
2024-06-09 08:41:24 -04:00
|
|
|
|
|
|
|
from lego_util.exceptions import (
|
|
|
|
ClassOrNamespaceNotFoundInGhidraError,
|
|
|
|
TypeNotFoundInGhidraError,
|
|
|
|
MultipleTypesFoundInGhidraError,
|
|
|
|
)
|
|
|
|
|
|
|
|
# Disable spurious warnings in vscode / pylance
|
|
|
|
# pyright: reportMissingModuleSource=false
|
|
|
|
|
|
|
|
from ghidra.program.flatapi import FlatProgramAPI
|
2024-07-30 13:02:15 -04:00
|
|
|
from ghidra.program.model.data import DataType, DataTypeConflictHandler, PointerDataType
|
2024-06-09 08:41:24 -04:00
|
|
|
from ghidra.program.model.symbol import Namespace
|
|
|
|
|
|
|
|
# Module-level logger, named after this module via `__name__`.
logger = logging.getLogger(__name__)
|
|
|
|
|
|
|
|
|
|
|
|
def get_ghidra_type(api: FlatProgramAPI, type_name: str):
    """
    Looks up the data type named `type_name` via `api.getDataTypes()`
    and returns it if there is exactly one match.

    Raises:
    - TypeNotFoundInGhidraError if the lookup yields no type
    - MultipleTypesFoundInGhidraError if the lookup yields more than one type
    """
    candidates = api.getDataTypes(type_name)
    candidate_count = len(candidates)

    # The unambiguous case: exactly one match.
    if candidate_count == 1:
        return candidates[0]

    if candidate_count == 0:
        raise TypeNotFoundInGhidraError(type_name)

    # More than one match; pass all of them along with the error.
    raise MultipleTypesFoundInGhidraError(type_name, candidates)
|
|
|
|
|
|
|
|
|
2024-07-30 13:02:15 -04:00
|
|
|
def get_or_add_pointer_type(api: FlatProgramAPI, pointee: DataType) -> DataType:
    """
    Builds a pointer data type for `pointee`, places it in the same category
    path as `pointee`, and registers it through `add_data_type_or_reuse_existing()`.

    Returns the data type handed back by `add_data_type_or_reuse_existing()`.
    """
    pointer_type = PointerDataType(pointee)
    # The pointer type goes into the same category as the type it points to.
    category_path = pointee.getCategoryPath()
    pointer_type.setCategoryPath(category_path)
    return add_data_type_or_reuse_existing(api, pointer_type)
|
|
|
|
|
|
|
|
|
|
|
|
def add_data_type_or_reuse_existing(
    api: FlatProgramAPI, new_data_type: DataType
) -> DataType:
    """
    Adds `new_data_type` to the data type manager of the current program,
    using `DataTypeConflictHandler.KEEP_HANDLER` for conflicts.

    Returns whatever the data type manager returns. If that is not the very
    same object as `new_data_type`, a debug message is logged.
    """
    data_type_manager = api.getCurrentProgram().getDataTypeManager()
    stored_type = data_type_manager.addDataType(
        new_data_type, DataTypeConflictHandler.KEEP_HANDLER
    )

    # Same object came back: nothing worth reporting.
    if stored_type is new_data_type:
        return stored_type

    logger.debug(
        "Reusing existing data type instead of new one: %s (class: %s)",
        stored_type,
        stored_type.__class__,
    )
    return stored_type
|
|
|
|
|
|
|
|
|
|
|
|
def get_ghidra_namespace(
    api: FlatProgramAPI, namespace_hierachy: list[str]
) -> Namespace:
    """
    Resolves a chain of nested namespace names, starting at the global
    namespace of the current program and descending one name at a time.

    An empty `namespace_hierachy` yields the global namespace itself.

    Raises:
    - ClassOrNamespaceNotFoundInGhidraError if any name in the chain
      cannot be found inside its parent
    """
    current = api.getCurrentProgram().getGlobalNamespace()
    for segment in namespace_hierachy:
        child = api.getNamespace(current, segment)
        if child is None:
            raise ClassOrNamespaceNotFoundInGhidraError(namespace_hierachy)
        current = child
    return current
|
|
|
|
|
|
|
|
|
|
|
|
def create_ghidra_namespace(
    api: FlatProgramAPI, namespace_hierachy: list[str]
) -> Namespace:
    """
    Resolves a chain of nested namespace names, starting at the global
    namespace of the current program, and creates every namespace in the
    chain that does not exist yet.

    Each missing namespace is created inside the namespace resolved for the
    preceding name (or inside the global namespace for the first name).

    An empty `namespace_hierachy` yields the global namespace itself.

    Returns the namespace corresponding to the last name in the chain.
    """
    namespace = api.getCurrentProgram().getGlobalNamespace()
    for part in namespace_hierachy:
        # Keep the lookup result separate from `namespace`: if the lookup
        # fails we still need the parent to create the child inside it.
        # Overwriting `namespace` with None would make `createNamespace`
        # fall back to the global namespace and flatten the hierarchy.
        child = api.getNamespace(namespace, part)
        if child is None:
            child = api.createNamespace(namespace, part)
        namespace = child
    return namespace
|
|
|
|
|
|
|
|
|
2024-08-29 14:54:23 -04:00
|
|
|
# Matches names of the form `Thunk of '<name>'` and captures `<name>`.
# These appear in debug builds.
THUNK_OF_RE = re.compile(r"^Thunk of '(.*)'$")
|
|
|
|
|
|
|
|
|
2024-06-09 08:41:24 -04:00
|
|
|
# Single-character substitutions for characters forbidden in Ghidra.
_FORBIDDEN_CHAR_TABLE = str.maketrans(
    {
        "<": "[",
        ">": "]",
        "*": "#",
        " ": "_",
        "`": "'",
    }
)


def sanitize_name(name: str) -> str:
    """
    Converts a full class or function name into one that Ghidra accepts.

    - A `Thunk of '...'` wrapper is stripped; the last `::`-separated
      component of the result is prefixed with `_thunk_` instead.
    - The characters `<`, `>`, `*`, space and backtick are substituted.
    - Names containing `<` (templates) are prefixed with `_template_`.

    Applies mostly to templates, names like `vbase destructor`, and thunks in debug build.
    An info message is logged whenever the result differs from the name
    (after the thunk wrapper has been stripped).
    """
    thunk_match = THUNK_OF_RE.fullmatch(name)
    if thunk_match is not None:
        # Continue with the wrapped name only.
        name = thunk_match.group(1)

    # Replace characters forbidden in Ghidra
    new_name = name.translate(_FORBIDDEN_CHAR_TABLE)

    if "<" in name:
        new_name = "_template_" + new_name

    if thunk_match is not None:
        # Only the innermost component (after the last `::`) gets the marker.
        scope, separator, leaf = new_name.rpartition("::")
        new_name = scope + separator + "_thunk_" + leaf

    if new_name != name:
        logger.info(
            "Changed class or function name from '%s' to '%s' to avoid Ghidra issues",
            name,
            new_name,
        )
    return new_name
|